minor -changes

headless/unauth-temporal-web-ui.yaml

@@ -4,7 +4,8 @@ info:
   name: Temporal Web UI - Unauthenticated Access
   author: ggranjus
   severity: high
-  description: Temporal Web UI was able to be accessed because no authentication was required
+  description: |
+    Temporal Web UI was able to be accessed because no authentication was required
   reference:
     - https://docs.temporal.io/web-ui
   classification:
@@ -14,19 +15,18 @@ info:
   metadata:
     verified: 'true'
     shodan-query: http.favicon.hash:557327884
-
   tags: temporal,unauth,headless
 
-headless:
-  - steps:
-      - action: navigate
-        args:
-          url: "{{BaseURL}}"
-
-      - action: waitload
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/favicon.ico"
+      - "{{BaseURL}}/api/v1/namespaces/default/workflows?query="
 
+    matchers-condition: and
     matchers:
-      - part: body
-        type: word
-        words:
-          - "<title id=\"temporalLogoTitleID\">View Recent Workflows</title>"
+      - type: dsl
+        dsl:
+          - "status_code_1 == 200 && (\"44c856843ce2631b1d6968ac11fa9ec4\" == md5(body_1))"
+          - "contains(body_2, 'nextPageToken') && status_code_2 == 200"
+        condition: and